cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24828,https://securityvulnerability.io/vulnerability/CVE-2025-24828,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Cloud Agent for Windows,"A local privilege escalation vulnerability exists in Acronis Cyber Protect Cloud Agent for Windows due to improper handling of dynamic link libraries (DLLs). An attacker with local access could exploit this flaw to execute arbitrary code with elevated privileges, potentially compromising the system. It is essential for users of affected versions to update to build 39378 or later to safeguard against this security risk.",Acronis,Acronis Cyber Protect Cloud Agent,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:58.295Z,0
CVE-2025-24827,https://securityvulnerability.io/vulnerability/CVE-2025-24827,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Cloud Agent for Windows,"Acronis Cyber Protect Cloud Agent for Windows is susceptible to a local privilege escalation vulnerability caused by DLL hijacking. This flaw allows attackers to execute arbitrary code with elevated privileges on affected systems, potentially compromising sensitive data and system integrity. Users are advised to upgrade to build 39378 or later to mitigate this risk.",Acronis,Acronis Cyber Protect Cloud Agent,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:44.323Z,0
CVE-2025-24829,https://securityvulnerability.io/vulnerability/CVE-2025-24829,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,"A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to DLL hijacking. When exploited, this vulnerability allows an attacker with local access to gain elevated privileges, potentially compromising the system's security and integrity. Users are advised to update to build 39378 or later to mitigate this risk. For further details, refer to the vendor advisory linked here: SEC-7839.",Acronis,Acronis Cyber Protect Cloud Agent,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:28.583Z,0
CVE-2025-24830,https://securityvulnerability.io/vulnerability/CVE-2025-24830,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,"Acronis Cyber Protect Cloud Agent for Windows is impacted by a local privilege escalation issue stemming from DLL hijacking vulnerabilities. Attackers could potentially exploit this vulnerability to gain elevated privileges on affected systems, compromising security measures and allowing unauthorized actions.",Acronis,Acronis Cyber Protect Cloud Agent,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:43:13.267Z,0
CVE-2025-24831,https://securityvulnerability.io/vulnerability/CVE-2025-24831,Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows,A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to an unquoted search path issue. This flaw allows an attacker with local access to manipulate the environment in such a way that they may execute malicious commands with elevated privileges. Users are advised to update to build 39378 or later to mitigate the risk associated with this vulnerability.,Acronis,Acronis Cyber Protect Cloud Agent,6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T12:42:57.048Z,0
CVE-2024-55541,https://securityvulnerability.io/vulnerability/CVE-2024-55541,Stored Cross-Site Scripting Vulnerability in Acronis Cyber Protect 16,"A stored cross-site scripting (XSS) vulnerability exists in Acronis Cyber Protect 16 due to insufficient origin validation in the postMessage function. This flaw allows attackers to inject malicious scripts that could be executed in the context of the affected application. Users operating versions prior to build 39169 are particularly at risk. Mitigation efforts are recommended to address this vulnerability and safeguard sensitive user data. For further information, consult the vendor's advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:55.281Z,0
CVE-2024-55542,https://securityvulnerability.io/vulnerability/CVE-2024-55542,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A local privilege escalation vulnerability exists in the Tray Monitor service of Acronis Cyber Protect products, where excessive permissions can lead to unauthorized access and escalation of user privileges. This affects Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent across multiple platforms, including Linux, macOS, and Windows, prior to specified build versions. Users and organizations utilizing these products should take immediate action to update their installations to mitigate potential security risks.",Acronis,"Acronis Cyber Protect 16,Acronis Cyber Protect Cloud Agent",,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:40.928Z,0
CVE-2024-56414,https://securityvulnerability.io/vulnerability/CVE-2024-56414,Weak Hash Algorithm Vulnerability in Acronis Cyber Protect by Acronis,"A vulnerability exists in Acronis Cyber Protect 16 for Windows due to the use of a weak hash algorithm in the web installer integrity check. This flaw can potentially allow an attacker to manipulate the integrity of the installation process, leading to unauthorized access or execution of malicious code. The affected version includes all builds prior to 39169, necessitating prompt updates to mitigate associated security risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:10.784Z,0
CVE-2024-56413,https://securityvulnerability.io/vulnerability/CVE-2024-56413,Session Invalidation Flaw in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a vulnerability due to missing session invalidation after user deletion. This flaw potentially allows unauthorized access, which could be exploited by malicious actors to continue to use a session associated with a deleted user account, thereby compromising sensitive information and system integrity. Users of Acronis Cyber Protect 16 (Windows) prior to build 39169 should review their security measures and consider applying the latest updates to mitigate potential risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:00.507Z,0
CVE-2024-55540,https://securityvulnerability.io/vulnerability/CVE-2024-55540,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"A vulnerability exists in Acronis Cyber Protect 16, specifically affecting Windows systems prior to build 39169, allowing for local privilege escalation through DLL hijacking. Attackers could leverage this vulnerability to execute code with elevated privileges, posing significant risks to user security and the integrity of the affected systems. It is crucial for users of Acronis Cyber Protect 16 to apply the necessary updates and patches to mitigate the potential impact of this vulnerability as highlighted in the vendor advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:25:48.887Z,0
CVE-2024-55543,https://securityvulnerability.io/vulnerability/CVE-2024-55543,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a local privilege escalation vulnerability attributed to DLL hijacking. This vulnerability can allow unauthorized users to gain elevated privileges on affected systems. Specifically, users with local access can exploit this weakness to execute malicious code, potentially compromising the integrity and confidentiality of the system. It is crucial for users to update to build 39169 or later to mitigate the associated risks. For further details, refer to vendor advisory SEC-6418.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:24:26.589Z,0
CVE-2024-55539,https://securityvulnerability.io/vulnerability/CVE-2024-55539,Weak Algorithm in RPM Package Signing for Acronis Products,"Acronis Cyber Protect Cloud Agent for Linux is impacted by a vulnerability due to the utilization of a weak algorithm for signing RPM packages. This flaw compromises the integrity of package verification processes, leaving systems at risk for potential exploitation. Users of Acronis Cyber Protect Cloud Agent (Linux) prior to build 39185 should immediately review their systems for exposure to this vulnerability and apply relevant mitigations or updates as necessary to enhance their security posture.",Acronis,Acronis Cyber Protect Cloud Agent,2.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-23T14:05:20.298Z,0
CVE-2024-49388,https://securityvulnerability.io/vulnerability/CVE-2024-49388,Improper Authorization Leads to Sensitive Information Manipulation in Acronis Cyber Protect 16,"A vulnerability exists in Acronis Cyber Protect 16 that allows for sensitive information manipulation as a result of improper authorization processes. This flaw impacts users of the software on both Linux and Windows platforms prior to build 38690, potentially enabling unauthorized users to access or alter sensitive data. Organizations using affected versions should prioritize updating their systems to mitigate the associated risks detailed in the vendor's advisory SEC-5984.",Acronis,Acronis Cyber Protect 16,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-15T10:34:24.960Z,0
CVE-2024-49387,https://securityvulnerability.io/vulnerability/CVE-2024-49387,Sensitive Information Transmitted in Clear Text in Acronis Cyber Protect 16 Before Build 38690,"Acronis Cyber Protect 16 (Linux, Windows) before build 38690 is susceptible to a vulnerability allowing the cleartext transmission of sensitive information within the acep-collector service. This flaw may expose critical data to unauthorized interception, potentially compromising the integrity and confidentiality of user information. Users of the affected versions are encouraged to apply the necessary updates to mitigate risks associated with this vulnerability.",Acronis,Acronis Cyber Protect 16,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-15T10:34:10.675Z,0
CVE-2024-49384,https://securityvulnerability.io/vulnerability/CVE-2024-49384,Excessive attack surface in Acronis Cyber Protect 16 due to binding to unrestricted IP address,"Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:33:52.655Z,0
CVE-2024-49383,https://securityvulnerability.io/vulnerability/CVE-2024-49383,Excessive attack surface due to unrestricted IP address binding,"Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:33:14.227Z,0
CVE-2024-49382,https://securityvulnerability.io/vulnerability/CVE-2024-49382,Unrestricted IP Address Leaves Archive-Server Service Vulnerable to Attacks,"Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:32:55.845Z,0
CVE-2024-8766,https://securityvulnerability.io/vulnerability/CVE-2024-8766,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows local privilege escalation through DLL hijacking. This enables an attacker to exploit the system and gain unauthorized access, potentially leading to further security breaches. Users are advised to upgrade to the latest builds to mitigate these risks. For detailed information, please refer to the vendor advisory.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-16T20:15:00.000Z,0
CVE-2022-45449,https://securityvulnerability.io/vulnerability/CVE-2022-45449,Acronis Cyber Protect 15 Discloses Sensitive Information Due to Excessive Privileges,"A vulnerability exists in Acronis Cyber Protect 15 due to excessive privileges assigned to the Acronis Agent, which could potentially lead to sensitive information disclosure. This issue affects both Windows and Linux versions of the software prior to build 30984. Administrators and users should ensure they are using the latest version to mitigate risks associated with unauthorized access to confidential data.",Acronis,Acronis Cyber Protect 15,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T14:47:21.100Z,0
CVE-2023-48684,https://securityvulnerability.io/vulnerability/CVE-2023-48684,Sensitive Information Disclosure in Acronis Cyber Protect Cloud Agent,"The vulnerability results from inadequate authorization checks within the Acronis Cyber Protect Cloud Agent, permitting unauthorized access to sensitive information. Attackers exploiting this flaw can manipulate data and potentially escalate their access privileges. The issue affects users of the software on Linux, macOS, and Windows platforms prior to build 37758, making prompt updates essential to mitigate risks.",Acronis,Acronis Cyber Protect Cloud Agent,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2024-34010,https://securityvulnerability.io/vulnerability/CVE-2024-34010,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for local privilege escalation. This vulnerability arises due to an unquoted search path, which could be exploited to gain unauthorized elevated privileges on affected Windows systems. Versions prior to build 37758 of Acronis Cyber Protect Cloud Agent and build 38690 of Acronis Cyber Protect 16 are susceptible. Users of these products are encouraged to update their software to mitigate potential security risks.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2023-48683,https://securityvulnerability.io/vulnerability/CVE-2023-48683,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A vulnerability in Acronis Cyber Protect products allows for the unauthorized access and manipulation of sensitive information due to inadequate authorization mechanisms. This affects multiple platforms including Linux, macOS, and Windows, potentially exposing users to security risks. Users are advised to upgrade to the latest builds to mitigate this risk.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2023-48682,https://securityvulnerability.io/vulnerability/CVE-2023-48682,Stored XSS Vulnerability Affects Acronis Cyber Protect 16 for Linux and Windows,"Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:53:05.091Z,0
CVE-2023-48681,https://securityvulnerability.io/vulnerability/CVE-2023-48681,Self Cross-Site Scripting (XSS) Vulnerability in Storage Nodes Search Field,"Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,1.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:52:25.743Z,0
CVE-2023-48680,https://securityvulnerability.io/vulnerability/CVE-2023-48680,Excessive System Information Collection Leads to Sensitive Information Disclosure,"Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:51:19.284Z,0